1. Field of the Invention
The present invention relates to an electronic system for control of access to a function enabling a user conditionally to obtain a service or some other provision from a specialized service unit associated with the system in question.
More particularly, the invention relates to a system for control of access to a computer or more generally to a computerized network, use of which is reserved for persons having been duly legitimately entitled. Such networks may serve for example to provide all kinds of services entailing a transaction, usually with a monetary consideration, such as television shopping, pay television, home banking, interactive televised games, or also confidential faxes etc.
2. Description of Related Art
An example of a prior system of this type is described in U.S. Pat. No. 3,806,874. This patent discloses a personal identification or authentication system which generates passwords by encoding binary-decimal time data and two fixed numbers. In this system, an identification unit (a card) generates first and second data sequences (passwords) in accordance with an individual personal number, secret data and binary digital time data from a first clock. The individual personal number is transmitted to a testing unit (a server). The testing unit generates first and second data sequences by encoding the personal identification number, secret data and binary-decimal time data from a second clock. The binary-decimal time data are independently supplied by the separate clocks in the identification unit and the testing station. More particularly, identification unit 10 includes primary store 12 which stores an individual personal number in ROM and secret circuit 20 which stores secret data in secret store 26 and which generates the first and second data sequences. The secret data vary from user to user and are unknown to the user. The secret circuit 20 has an encoding circuit which produces the first and second data sequences by encoding input data including the individual personal number, the secret data and binary-decimal time data from clock 42. The server includes a primary store 12 which stores an individual personal number in ROM and a secret circuit 20 which stores secret data in secret store 26 and which generates the first and second data sequences (passwords). The secret circuit 20 has an encoding circuit which produces the first and second data sequences by encoding input data including the individual personal number, the secret data and binary-decimal time data from clock 42.
In the server, a secret circuit 31, which corresponds to secret circuit 20 in the card, includes secret store 33 and receives a time input from clock 53. Secret circuit 31 also receives an input (the individual personal number) from primary store 12 in identification unit 10. Secret circuit 31 has an encoding circuit which produces first and second data sequences (passwords) by encoding input data including the individual personal number, the secret data and binary-decimal time data from clock 53. The first data sequences are compared in comparator 30 in the card. If they match, the second data sequences are compared in comparator 41 in the server. If the second data sequences match, an acceptance signal is generated. Comparator 30 compares (1) the first data sequence obtained from the server during the same time interval that the first data sequence was generated in the testing station with (2) the first data sequence generated in the card during the same time interval. In other words, the comparator 30 must receive the first data sequence from the server during the same time interval that it was generated so that this received data sequence will match the first data sequence generated in the identification unit during this same time interval. The same statement applies to the second data sequence compared by comparator 41.
Both of the secret circuits 20 and 31 of U.S. Pat. No. 3,806,874 produce passwords (verification numbers) by encoding the individual personal number, the secret data and the binary-decimal data representing time to yield the first and second data sequences. To generate matching data sequences, the binary decimal time data employed in the identification unit and the testing station must be identical; thus, clocks 42 and 53 should be synchronized so that they will generate the same time data at substantially the same instant of time.
U.S. Pat. No. 4,601,011 discloses an authentication system which generates a password by enciphering a fixed number with a two-part key, a first part of which is non-changing and a second part of which varies each time the key is used for encryption. This system includes at least one portable electronic device (a card) and at least one electronic verification device (a server) which is intended conditionally to deliver authorizations for access to a computing facility. The system generates passwords which in one embodiment are a function of time and in another are a function of the number of passwords generated in the portable remote unit. The remote unit generates in an enciphering module a different password for each transmission by using a two-part key. The server receives the password from the card and generates an internal password by enciphering a fixed number (corresponding to the fixed number enciphered in the card) with the first key part (stored in memory) and the second key part (received from the card). Comparator 50 compares the received password and the internal password and provides an output which grants/denies access to computing facility 56 based on the comparison result.
Both the system of U.S. Pat. No. 4,601,011 and the system of U.S. Pat. No. 3,806,874 produce identical passwords ("data sequences" or "encrypted verification numbers") in both a card and a server, wherein the units independently compute the passwords by performing an encoding program on data including at least a fixed individual personal code and at least a number that represents time or that varies as a function of the number of passwords generated in the card.
U.S. Pat. No. 4,720,860 discloses another authentication system employing a static variable and a dynamic variable to generate passwords. In this patent, for every transaction to be accomplished, a fixed code is entered into the card by the user at the start of the access request procedure. This fixed code constitutes a static variable. A second variable is also produced, and the latter varies dynamically as a function of time, especially as a function of the instant at which the fixed code is entered into the card by the user. The two variables, the one static and the other dynamic, are next used as input parameters of a secret encryption algorithm implemented in order to produce a password in the card. This password is displayed on the card and the user is invited to transfer it into the server. The fixed code is also transferred to the server, and the server, by using the same encryption algorithm, together with a dynamic variable, in principle with the same value as that used in the card, also calculates the password. The latter is compared with the password transmitted to the server by the user, and in the event of matching, authorization for access to the function can be delivered. This access control system thus employs a static variable from which the encryption algorithm calculates the password while also using the dynamic variable. In this system, the static variable is stored in memory in the card and is transmitted to the server, for example over a telephone line; thus, it is vulnerable to being discovered by hackers via electronic eavesdropping or the like. Therefore, in this system, the algorithm must necessarily be kept secret in order to preserve the security of the system. If the secrecy of the algorithm were broken, the security of the whole of the system would thus be compromised due to the relative case by which the static variables may be discovered by electronic eavesdropping or the like. This explains why in this patent, means are provided for destroying the algorithm in the event of attempted fraud on the card (for example by storing the algorithm in volatile memory).
It will be noted, moreover, that in both the aforesaid U.S. Pat. No. 3,806,874 and U.S. Pat. No. 4,720,860, the second variable is a time-dependent dynamic value. Since this variable is necessarily produced independently, both in the card and in the server, the clocks of these two facilities used to produce the dynamic variable on each side, must be synchronized with a given accuracy. So as not to have to provide overly accurate clocks (which would considerably increase the cost of the system), a tolerance range has to be accepted inside which the current password remains valid. The shorter the tolerance range, the greater is the security provided, but the more problematic also is a lack of synchronization of the clocks.
In view of this tolerance range, the password calculated with each access request still remains valid for the duration of each interval separating two operations of calculating the dynamic variable. Such an interval may have a relatively long duration (typically 10 minutes or more, for example) so that an eavesdropper surreptitiously obtaining the password and the static variable for a card on the occasion of an access request will have time to use it throughout the aforesaid interval in the server and will thus easily be able to obtain access authorization.
U.S. Pat. No. 4,800,590 also discloses an authentication system employing a time-dynamic encryption key. Specifically, this system employs, as the input parameter for an encryption algorithm, an encryption key used as a dynamic variable which is altered as a function of time. This process requires the periodic updating of the encryption key, for example at a given frequency of one minute. Although this is easily implemented in the card, the same is not the case as regards the server. Indeed, the system can include a large number of users, each in possession of a card assigned a dynamic variable which is obviously unique for this card. Consequently, in the system known from U.S. Pat. No. 4,800,590, the server must periodically recalculate all the encryption keys at once or update the encryption key in one access request, by iterative calculations, the encryption key of a card requesting an access. It is appreciated that if the system includes a large number of cards (typically 100,000, for example), the updating of the encryption keys quickly becomes a crippling calculational burden to the server. This patent also discloses updating the key in response to user actuation of a switch; this embodiment is disadvantageous in limiting the frequency of key modification.
U.S. Pat. No. 5,060,263 also discloses a system which generates a dynamic password. In this system, a password generator produces each password by encrypting the previously generated password which is used as a variable. A plurality of fixed encryption keys are stored in the card. In order to enhance security, the server generates a random number for designating one key out of the plurality of keys which will be used for producing the password. The card must repeat the encryption sequences (by means of a public algorithm of the DES type) as many times as there are keys in the card, thereby looping the output into the input. In this prior system, the keys thus have fixed values in spite of the fact that they are randomly selected. However, they may be obtained by fraud in the memory of the card. Further, the random number generated in the server must be transmitted to the card and may be intercepted by fraud during transmission. Another problem arises in this system if the card user does not complete an access request in the server. In that case, there will be serious out-of-synchronization problems since each password is generated on the basis of the previous password so that the offset becomes more and more important over time. Some mechanism must then be provided for restoring synchronization.